Disclaimer

This product review reflects my own views on this product
and as such reflects my opinion. While some product documentation has been
consulted for the sake of clarity, none of it has been reproduced for the sake
of this review.

Introduction

This document is a review of SPAMfighter
Exchange Module (SEM). The product was reviewed specifically for the
following:

SPAM handling capabilities

Scalability and resilience

Reporting

Administrative and end user benefit

Executive Summary

SPAMfighter Exchange Module (SEM) is a capable
product with an installed community in excess of four million users. Because of
the way SEM works, a SPAM email can be detected and classified, and the
entire global installed user base benefits within minutes. Because SEM
detects and classifies SPAM email in this fundamentally different way, it
offers SPAM protection and benefits of a different nature, which may offer
better SPAM protection than traditional static filtering or learning products.
This, however, should be evaluated individually per mail organization. SEM is
available in English, German, Danish, Dutch, Spanish, French and Greek.

Installation

The first impression you have when downloading SEM is that
it is TINY. The SEM.EXE executable installer is only 370KB! However, the
installer is a shell which will automatically detect the correct version of
.NET and download the appropriate version. For my Exchange 2003 test machine,
the subsequent installer was 8051KB.

First impressions were quite favorable. The web interface is
well laid out and easy to use. Something that struck me was the fantastic
language support in SEM. Most European languages are supported by default and
more are added all the time. As such, this has to be one of the most accessible
anti-SPAM products on the market today for a larger audience. If you're in
Europe looking for a localized product, I would strongly recommend SEM on
language support alone. Current language support includes English, German,
Danish, Dutch, Spanish, French and Greek.

First off, to position this product: it is not a replacement
for a commercial mail edge server. SEM is designed to fit onto an existing
Exchange server with the smallest footprint possible. SEM will not intrude into
the Mail Store and is well written from a privacy point of view. However, as I
mentioned, it will not harden your Exchange installation in any way. If you're
an open relay, or have suffered from mail abuse in the past, then SEM may not
be the right product for you, since the folks at SEM expect you to harden your
network before SEM is installed.

What does it do?

SEM is first and foremost an anti-SPAM engine. As I
mentioned previously, it installs with the smallest possible footprint, and doesn't
interfere with mail flow, even if it breaks (more on this later). While it has
support for a number of common anti-SPAM features, such as white and black
lists, a language filter and integrated AV, where SEM differentiates itself is
the Community Filter feature.

The Community Feature has nothing to do with open source.
What it does do is fingerprint the email on arrival and compare it with other emails
which SEM users have received and possibly blocked around the world. With a
community of 4,300,000 users globally, this allows SEM to block mail on various
levels of aggression, depending on whether the mail has been received as SPAM in
other places around the world. Note that SEM does not transmit mail backwards
and forwards, merely the email fingerprint, which makes each SPAM item received
identifiable.

Where's the value?

"Normal" SPAM blocking methods involve trying to block a
combination of a number of known attack profiles. This means that each mail
organization individually installs and "trains" its SPAM filters to
understand relevant mail within the context of that organization. This
involves having learning filters such as Bayesian filters learn the difference
between "SPAM" and "HAM", RBL lookups to block known Spammers, blacklists
against Spammers who are dumb enough to SPAM you from the same domain
repeatedly, checking the integrity of the mail header, reverse DNS lookups,
Microsoft's sender-id mechanism, etc. All of these combined make for a
reasonable anti-SPAM defense.

However, think of a fresh attack hitting networks all over
the world. Each network individually would need to work out if the mail is
valid, and then block it or not. What SEM can do, and does do with the
community feature is this: Spammers release yet another different kind of SPAM
attack not known to our filters today. Let's say it's an embedded image. SEM
installations in 220 countries around the world start reporting and confirming
the SPAM item and/or attack, and every other SEM installation in the world
benefits within minutes. That's right, from launch to global block within
minutes. That's assuming everything works right, and the folks at SEM assure me
that it does.

How does it do it?

As mentioned previously, SEM has a very low impact on an
Exchange installation. It uses event sinks in SMTP and the individual mail
stores to be notified of mail that has arrived. This means that if SEM were to
break or malfunction, barring SMTP stopping or failing, mail flow would continue.
As an email arrives, the header is checked for consistency. The email is then
checked for images, and the email body as a whole is evaluated. Each one of
these is then fingerprinted and compared against a known attack profile. If any
one of these is flagged as a possible SPAM item, then the mail is flagged as SPAM and
either blocked or allowed in as a marked SPAM item to appear in your SPAM
folder. Bear in mind that other local filters are also involved in the
process.
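
The flow described above (fingerprint the body and any images, look the fingerprints up against community reports, flag the mail if any one matches) can be sketched as follows. This is an added illustration, not SPAMfighter's code or algorithm: the SHA-256 digest, the text normalisation, the report thresholds per aggression level and all function names are assumptions, the header consistency check is left out, and the messages and report counts are constructed.

```python
import hashlib
import re
from email import message_from_string
from email.message import EmailMessage

# Assumed mapping: aggression level -> community reports needed to flag a part.
THRESHOLDS = {"low": 50, "medium": 10, "high": 1}

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def fingerprints(raw: str) -> dict:
    """Fingerprint the first text body and every image part of a raw message."""
    prints = {"body": None, "images": []}
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "image":
            prints["images"].append(_digest(payload))
        elif part.get_content_type() == "text/plain" and prints["body"] is None:
            charset = part.get_content_charset() or "utf-8"
            text = payload.decode(charset, "replace").lower()
            # Assumed normalisation: mask digits and collapse whitespace so
            # trivially varied copies of one mailing share a fingerprint.
            text = " ".join(re.sub(r"\d+", "0", text).split())
            prints["body"] = _digest(text.encode("utf-8"))
    return prints

def classify(raw: str, community_reports: dict, aggression: str = "medium"):
    """Return (verdict, matched parts); only digests are looked up, never mail."""
    prints = fingerprints(raw)
    parts = [("body", prints["body"])] + [("image", h) for h in prints["images"]]
    limit = THRESHOLDS[aggression]
    hits = [kind for kind, h in parts if h and community_reports.get(h, 0) >= limit]
    return ("spam" if hits else "ham"), hits

def build_sample(body: str, image: bytes = None) -> str:
    """Build a constructed test message (not real traffic)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "sender@example.com", "offer"
    msg.set_content(body)
    if image:
        msg.add_attachment(image, maintype="image", subtype="gif")
    return msg.as_string()

if __name__ == "__main__":
    seen = build_sample("Buy NOW for $99   only!")
    reports = {fingerprints(seen)["body"]: 12}   # constructed community data
    print(classify(build_sample("buy now for $15 only!"), reports, "medium"))
    print(classify(build_sample("Meeting moved to 3pm"), reports, "high"))
```

An exact digest only matches copies that normalise to the same bytes; a production community filter would need a fingerprint that tolerates heavier mutation, which the review does not describe.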

How fast is SEM?

Since SEM offers a small installed footprint, it tends to be
as fast as the number of filters chosen and the number of actions chosen within
the product allow. By default it tends to run quickly enough not to need anything
switched off; however, the control is there so that individual settings may be
switched on or off.

How resilient is SEM?

SPAMfighter has put an enormous amount of effort into
protecting not only continuity of service but also performance, with 28 servers
around the world. The state of each server is available here: http://www.SPAMfighter.com/FAQ_Firewall_Edge.asp.
If the server closest to your particular location becomes overwhelmed, there are another
27 to help.
